<!doctype html>

<html>
<head>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <title>safeurl.js (Closure Library API Documentation - JavaScript)</title>
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js">
  </script>


  <meta charset="utf8">
</head>

<body onload="grokdoc.onLoad();">

<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <strong>Go to class or file:</strong>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>

<div class="clear"></div>

<h2><a href="local_closure_goog_html_safeurl.js.html">safeurl.js</a></h2>

<pre class="prettyprint lang-js">
<a name="line1"></a>// Copyright 2013 The Closure Library Authors. All Rights Reserved.
<a name="line2"></a>//
<a name="line3"></a>// Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
<a name="line4"></a>// you may not use this file except in compliance with the License.
<a name="line5"></a>// You may obtain a copy of the License at
<a name="line6"></a>//
<a name="line7"></a>//      http://www.apache.org/licenses/LICENSE-2.0
<a name="line8"></a>//
<a name="line9"></a>// Unless required by applicable law or agreed to in writing, software
<a name="line10"></a>// distributed under the License is distributed on an &quot;AS-IS&quot; BASIS,
<a name="line11"></a>// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<a name="line12"></a>// See the License for the specific language governing permissions and
<a name="line13"></a>// limitations under the License.
<a name="line14"></a>
<a name="line15"></a>/**
<a name="line16"></a> * @fileoverview The SafeUrl type and its builders.
<a name="line17"></a> *
<a name="line18"></a> * TODO(user): Link to document stating type contract.
<a name="line19"></a> */
<a name="line20"></a>
<a name="line21"></a>goog.provide(&#39;goog.html.SafeUrl&#39;);
<a name="line22"></a>
<a name="line23"></a>goog.require(&#39;goog.asserts&#39;);
<a name="line24"></a>goog.require(&#39;goog.i18n.bidi.Dir&#39;);
<a name="line25"></a>goog.require(&#39;goog.i18n.bidi.DirectionalString&#39;);
<a name="line26"></a>goog.require(&#39;goog.string.Const&#39;);
<a name="line27"></a>goog.require(&#39;goog.string.TypedString&#39;);
<a name="line28"></a>
<a name="line29"></a>
<a name="line30"></a>
<a name="line31"></a>/**
<a name="line32"></a> * A string that is safe to use in URL context in DOM APIs and HTML documents.
<a name="line33"></a> *
<a name="line34"></a> * A SafeUrl is a string-like object that carries the security type contract
<a name="line35"></a> * that its value as a string will not cause untrusted script execution
<a name="line36"></a> * when evaluated as a hyperlink URL in a browser.
<a name="line37"></a> *
<a name="line38"></a> * Values of this type are guaranteed to be safe to use in URL/hyperlink
<a name="line39"></a> * contexts, such as, assignment to URL-valued DOM properties, or
<a name="line40"></a> * interpolation into a HTML template in URL context (e.g., inside a href
<a name="line41"></a> * attribute), in the sense that the use will not result in a
<a name="line42"></a> * Cross-Site-Scripting vulnerability.
<a name="line43"></a> *
<a name="line44"></a> * Note that, as documented in {@code goog.html.SafeUrl.unwrap}, this type&#39;s
<a name="line45"></a> * contract does not guarantee that instances are safe to interpolate into HTML
<a name="line46"></a> * without appropriate escaping.
<a name="line47"></a> *
<a name="line48"></a> * Note also that this type&#39;s contract does not imply any guarantees regarding
<a name="line49"></a> * the resource the URL refers to.  In particular, SafeUrls are &lt;b&gt;not&lt;/b&gt;
<a name="line50"></a> * safe to use in a context where the referred-to resource is interpreted as
<a name="line51"></a> * trusted code, e.g., as the src of a script tag.
<a name="line52"></a> *
<a name="line53"></a> * Instances of this type must be created via the factory methods
<a name="line54"></a> * ({@code goog.html.SafeUrl.from}, {@code goog.html.SafeUrl.sanitize}), etc and
<a name="line55"></a> * not by invoking its constructor.  The constructor intentionally takes no
<a name="line56"></a> * parameters and the type is immutable; hence only a default instance
<a name="line57"></a> * corresponding to the empty string can be obtained via constructor invocation.
<a name="line58"></a> *
<a name="line59"></a> * @see goog.html.SafeUrl#fromConstant
<a name="line60"></a> * @see goog.html.SafeUrl#from
<a name="line61"></a> * @see goog.html.SafeUrl#sanitize
<a name="line62"></a> * @constructor
<a name="line63"></a> * @final
<a name="line64"></a> * @struct
<a name="line65"></a> * @implements {goog.i18n.bidi.DirectionalString}
<a name="line66"></a> * @implements {goog.string.TypedString}
<a name="line67"></a> */
<a name="line68"></a>goog.html.SafeUrl = function() {
<a name="line69"></a>  /**
<a name="line70"></a>   * The contained value of this SafeUrl.  The field has a purposely ugly
<a name="line71"></a>   * name to make (non-compiled) code that attempts to directly access this
<a name="line72"></a>   * field stand out.
<a name="line73"></a>   * @private {string}
<a name="line74"></a>   */
<a name="line75"></a>  this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ = &#39;&#39;;
<a name="line76"></a>
<a name="line77"></a>  /**
<a name="line78"></a>   * A type marker used to implement additional run-time type checking.
<a name="line79"></a>   * @see goog.html.SafeUrl#unwrap
<a name="line80"></a>   * @const
<a name="line81"></a>   * @private
<a name="line82"></a>   */
<a name="line83"></a>  this.SAFE_URL_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ =
<a name="line84"></a>      goog.html.SafeUrl.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_;
<a name="line85"></a>};
<a name="line86"></a>
<a name="line87"></a>
<a name="line88"></a>/**
<a name="line89"></a> * The innocuous string generated by goog.html.SafeUrl.sanitize when passed
<a name="line90"></a> * an unsafe URL.
<a name="line91"></a> *
<a name="line92"></a> * about:invalid is registered in
<a name="line93"></a> * http://www.w3.org/TR/css3-values/#about-invalid.
<a name="line94"></a> * http://tools.ietf.org/html/rfc6694#section-2.2.1 permits about URLs to
<a name="line95"></a> * contain a fragment, which is not to be considered when determining if an
<a name="line96"></a> * about URL is well-known.
<a name="line97"></a> *
<a name="line98"></a> * Using about:invalid seems preferable to using a fixed data URL, since
<a name="line99"></a> * browsers might choose to not report CSP violations on it, as legitimate
<a name="line100"></a> * CSS function calls to attr() can result in this URL being produced. It is
<a name="line101"></a> * also a standard URL which matches exactly the semantics we need:
<a name="line102"></a> * &quot;The about:invalid URI references a non-existent document with a generic
<a name="line103"></a> * error condition. It can be used when a URI is necessary, but the default
<a name="line104"></a> * value shouldn&#39;t be resolveable as any type of document&quot;.
<a name="line105"></a> *
<a name="line106"></a> * @const {string}
<a name="line107"></a> */
<a name="line108"></a>goog.html.SafeUrl.INNOCUOUS_STRING = &#39;about:invalid#zClosurez&#39;;
<a name="line109"></a>
<a name="line110"></a>
<a name="line111"></a>/**
<a name="line112"></a> * @override
<a name="line113"></a> * @const
<a name="line114"></a> */
<a name="line115"></a>goog.html.SafeUrl.prototype.implementsGoogStringTypedString = true;
<a name="line116"></a>
<a name="line117"></a>
<a name="line118"></a>/**
<a name="line119"></a> * Returns this SafeUrl&#39;s value a string.
<a name="line120"></a> *
<a name="line121"></a> * IMPORTANT: In code where it is security relevant that an object&#39;s type is
<a name="line122"></a> * indeed {@code SafeUrl}, use {@code goog.html.SafeUrl.unwrap} instead of this
<a name="line123"></a> * method. If in doubt, assume that it&#39;s security relevant. In particular, note
<a name="line124"></a> * that goog.html functions which return a goog.html type do not guarantee that
<a name="line125"></a> * the returned instance is of the right type. For example:
<a name="line126"></a> *
<a name="line127"></a> * &lt;pre&gt;
<a name="line128"></a> * var fakeSafeHtml = new String(&#39;fake&#39;);
<a name="line129"></a> * fakeSafeHtml.__proto__ = goog.html.SafeHtml.prototype;
<a name="line130"></a> * var newSafeHtml = goog.html.SafeHtml.from(fakeSafeHtml);
<a name="line131"></a> * // newSafeHtml is just an alias for fakeSafeHtml, it&#39;s passed through by
<a name="line132"></a> * // goog.html.SafeHtml.from() as fakeSafeHtml instanceof goog.html.SafeHtml.
<a name="line133"></a> * &lt;/pre&gt;
<a name="line134"></a> *
<a name="line135"></a> * IMPORTANT: The guarantees of the SafeUrl type contract only extend to the
<a name="line136"></a> * behavior of browsers when interpreting URLs. Values of SafeUrl objects MUST
<a name="line137"></a> * be appropriately escaped before embedding in a HTML document. Note that the
<a name="line138"></a> * required escaping is context-sensitive (e.g. a different escaping is
<a name="line139"></a> * required for embedding a URL in a style property within a style
<a name="line140"></a> * attribute, as opposed to embedding in a href attribute).
<a name="line141"></a> *
<a name="line142"></a> * @see goog.html.SafeUrl#unwrap
<a name="line143"></a> * @override
<a name="line144"></a> */
<a name="line145"></a>goog.html.SafeUrl.prototype.getTypedStringValue = function() {
<a name="line146"></a>  return this.privateDoNotAccessOrElseSafeHtmlWrappedValue_;
<a name="line147"></a>};
<a name="line148"></a>
<a name="line149"></a>
<a name="line150"></a>/**
<a name="line151"></a> * @override
<a name="line152"></a> * @const
<a name="line153"></a> */
<a name="line154"></a>goog.html.SafeUrl.prototype.implementsGoogI18nBidiDirectionalString = true;
<a name="line155"></a>
<a name="line156"></a>
<a name="line157"></a>/**
<a name="line158"></a> * Returns this URLs directionality, which is always {@code LTR}.
<a name="line159"></a> * @override
<a name="line160"></a> */
<a name="line161"></a>goog.html.SafeUrl.prototype.getDirection = function() {
<a name="line162"></a>  return goog.i18n.bidi.Dir.LTR;
<a name="line163"></a>};
<a name="line164"></a>
<a name="line165"></a>
<a name="line166"></a>if (goog.DEBUG) {
<a name="line167"></a>  /**
<a name="line168"></a>   * Returns a debug string-representation of this value.
<a name="line169"></a>   *
<a name="line170"></a>   * To obtain the actual string value wrapped in a SafeUrl, use
<a name="line171"></a>   * {@code goog.html.SafeUrl.unwrap}.
<a name="line172"></a>   *
<a name="line173"></a>   * @see goog.html.SafeUrl#unwrap
<a name="line174"></a>   * @override
<a name="line175"></a>   */
<a name="line176"></a>  goog.html.SafeUrl.prototype.toString = function() {
<a name="line177"></a>    return &#39;SafeUrl{&#39; + this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ +
<a name="line178"></a>        &#39;}&#39;;
<a name="line179"></a>  };
<a name="line180"></a>}
<a name="line181"></a>
<a name="line182"></a>
<a name="line183"></a>/**
<a name="line184"></a> * Performs a runtime check that the provided object is indeed a SafeUrl
<a name="line185"></a> * object, and returns its value.
<a name="line186"></a> *
<a name="line187"></a> * IMPORTANT: The guarantees of the SafeUrl type contract only extend to the
<a name="line188"></a> * behavior of  browsers when interpreting URLs. Values of SafeUrl objects MUST
<a name="line189"></a> * be appropriately escaped before embedding in a HTML document. Note that the
<a name="line190"></a> * required escaping is context-sensitive (e.g. a different escaping is
<a name="line191"></a> * required for embedding a URL in a style property within a style
<a name="line192"></a> * attribute, as opposed to embedding in a href attribute).
<a name="line193"></a> *
<a name="line194"></a> * Note that the returned value does not necessarily correspond to the string
<a name="line195"></a> * with which the SafeUrl was constructed, since goog.html.SafeUrl.sanitize
<a name="line196"></a> * will percent-encode many characters.
<a name="line197"></a> *
<a name="line198"></a> * @param {!goog.html.SafeUrl} safeUrl The object to extract from.
<a name="line199"></a> * @return {string} The SafeUrl object&#39;s contained string, unless the run-time
<a name="line200"></a> *     type check fails. In that case, {@code unwrap} returns an innocuous
<a name="line201"></a> *     string, or, if assertions are enabled, throws
<a name="line202"></a> *     {@code goog.asserts.AssertionError}.
<a name="line203"></a> */
<a name="line204"></a>goog.html.SafeUrl.unwrap = function(safeUrl) {
<a name="line205"></a>  // Perform additional Run-time type-checking to ensure that safeUrl is indeed
<a name="line206"></a>  // an instance of the expected type.  This provides some additional protection
<a name="line207"></a>  // against security bugs due to application code that disables type checks.
<a name="line208"></a>  // Specifically, the following checks are performed:
<a name="line209"></a>  // 1. The object is an instance of the expected type.
<a name="line210"></a>  // 2. The object is not an instance of a subclass.
<a name="line211"></a>  // 3. The object carries a type marker for the expected type. &quot;Faking&quot; an
<a name="line212"></a>  // object requires a reference to the type marker, which has names intended
<a name="line213"></a>  // to stand out in code reviews.
<a name="line214"></a>  if (safeUrl instanceof goog.html.SafeUrl &amp;&amp;
<a name="line215"></a>      safeUrl.constructor === goog.html.SafeUrl &amp;&amp;
<a name="line216"></a>      safeUrl.SAFE_URL_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ ===
<a name="line217"></a>          goog.html.SafeUrl.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_) {
<a name="line218"></a>    return safeUrl.privateDoNotAccessOrElseSafeHtmlWrappedValue_;
<a name="line219"></a>  } else {
<a name="line220"></a>    goog.asserts.fail(&#39;expected object of type SafeUrl, got \&#39;&#39; +
<a name="line221"></a>                      safeUrl + &#39;\&#39;&#39;);
<a name="line222"></a>    return &#39;type_error:SafeUrl&#39;;
<a name="line223"></a>
<a name="line224"></a>  }
<a name="line225"></a>};
<a name="line226"></a>
<a name="line227"></a>
<a name="line228"></a>/**
<a name="line229"></a> * Creates a SafeUrl object from a compile-time constant string.
<a name="line230"></a> *
<a name="line231"></a> * Compile-time constant strings are inherently program-controlled and hence
<a name="line232"></a> * trusted.
<a name="line233"></a> *
<a name="line234"></a> * @param {!goog.string.Const} url A compile-time-constant string from which to
<a name="line235"></a> *         create a SafeUrl.
<a name="line236"></a> * @return {!goog.html.SafeUrl} A SafeUrl object initialized to {@code url}.
<a name="line237"></a> */
<a name="line238"></a>goog.html.SafeUrl.fromConstant = function(url) {
<a name="line239"></a>  return goog.html.SafeUrl.createSafeUrlSecurityPrivateDoNotAccessOrElse_(
<a name="line240"></a>      goog.string.Const.unwrap(url));
<a name="line241"></a>};
<a name="line242"></a>
<a name="line243"></a>
<a name="line244"></a>/**
<a name="line245"></a> * A pattern that recognizes a commonly useful subset of URLs that satisfy
<a name="line246"></a> * the SafeUrl contract.
<a name="line247"></a> *
<a name="line248"></a> * This regular expression matches a subset of URLs that will not cause script
<a name="line249"></a> * execution if used in URL context within a HTML document. Specifically, this
<a name="line250"></a> * regular expression matches if (comment from here on and regex copied from
<a name="line251"></a> * Soy&#39;s EscapingConventions):
<a name="line252"></a> * (1) Either a protocol in a whitelist (http, https, mailto).
<a name="line253"></a> * (2) or no protocol.  A protocol must be followed by a colon. The below
<a name="line254"></a> *     allows that by allowing colons only after one of the characters [/?#].
<a name="line255"></a> *     A colon after a hash (#) must be in the fragment.
<a name="line256"></a> *     Otherwise, a colon after a (?) must be in a query.
<a name="line257"></a> *     Otherwise, a colon after a single solidus (/) must be in a path.
<a name="line258"></a> *     Otherwise, a colon after a double solidus (//) must be in the authority
<a name="line259"></a> *     (before port).
<a name="line260"></a> *
<a name="line261"></a> * The pattern disallows &amp;, used in HTML entity declarations before
<a name="line262"></a> * one of the characters in [/?#]. This disallows HTML entities used in the
<a name="line263"></a> * protocol name, which should never happen, e.g. &quot;h&amp;#116;tp&quot; for &quot;http&quot;.
<a name="line264"></a> * It also disallows HTML entities in the first path part of a relative path,
<a name="line265"></a> * e.g. &quot;foo&amp;lt;bar/baz&quot;.  Our existing escaping functions should not produce
<a name="line266"></a> * that. More importantly, it disallows masking of a colon,
<a name="line267"></a> * e.g. &quot;javascript&amp;#58;...&quot;.
<a name="line268"></a> *
<a name="line269"></a> * @private
<a name="line270"></a> * @const {!RegExp}
<a name="line271"></a> */
<a name="line272"></a>goog.html.SAFE_URL_PATTERN_ = /^(?:(?:https?|mailto):|[^&amp;:/?#]*(?:[/?#]|$))/i;
<a name="line273"></a>
<a name="line274"></a>
<a name="line275"></a>/**
<a name="line276"></a> * Creates a SafeUrl object from {@code url}. If {@code url} is a
<a name="line277"></a> * goog.html.SafeUrl then it is simply returned. Otherwise the input string is
<a name="line278"></a> * validated to match a pattern of commonly used safe URLs. The string is
<a name="line279"></a> * converted to UTF-8 and non-whitelisted characters are percent-encoded. The
<a name="line280"></a> * string wrapped by the created SafeUrl will thus contain only ASCII printable
<a name="line281"></a> * characters.
<a name="line282"></a> *
<a name="line283"></a> * {@code url} may be a URL with the http, https, or mailto scheme,
<a name="line284"></a> * or a relative URL (i.e., a URL without a scheme; specifically, a
<a name="line285"></a> * scheme-relative, absolute-path-relative, or path-relative URL).
<a name="line286"></a> *
<a name="line287"></a> * {@code url} is converted to UTF-8 and non-whitelisted characters are
<a name="line288"></a> * percent-encoded. Whitelisted characters are &#39;%&#39; and, from RFC 3986,
<a name="line289"></a> * unreserved characters and reserved characters, with the exception of &#39;\&#39;&#39;,
<a name="line290"></a> * &#39;(&#39; and &#39;)&#39;. This ensures the the SafeUrl contains only ASCII-printable
<a name="line291"></a> * characters and reduces the chance of security bugs were it to be
<a name="line292"></a> * interpolated into a specific context without the necessary escaping.
<a name="line293"></a> *
<a name="line294"></a> * If {@code url} fails validation or does not UTF-16 decode correctly
<a name="line295"></a> * (JavaScript strings are UTF-16 encoded), this function returns a SafeUrl
<a name="line296"></a> * object containing an innocuous string, goog.html.SafeUrl.INNOCUOUS_STRING.
<a name="line297"></a> *
<a name="line298"></a> * @see http://url.spec.whatwg.org/#concept-relative-url
<a name="line299"></a> * @param {string|!goog.string.TypedString} url The URL to validate.
<a name="line300"></a> * @return {!goog.html.SafeUrl} The validated URL, wrapped as a SafeUrl.
<a name="line301"></a> */
<a name="line302"></a>goog.html.SafeUrl.sanitize = function(url) {
<a name="line303"></a>  if (url instanceof goog.html.SafeUrl) {
<a name="line304"></a>    return url;
<a name="line305"></a>  }
<a name="line306"></a>  else if (url.implementsGoogStringTypedString) {
<a name="line307"></a>    url = url.getTypedStringValue();
<a name="line308"></a>  } else {
<a name="line309"></a>    url = String(url);
<a name="line310"></a>  }
<a name="line311"></a>  if (!goog.html.SAFE_URL_PATTERN_.test(url)) {
<a name="line312"></a>    url = goog.html.SafeUrl.INNOCUOUS_STRING;
<a name="line313"></a>  } else {
<a name="line314"></a>    url = goog.html.SafeUrl.normalize_(url);
<a name="line315"></a>  }
<a name="line316"></a>  return goog.html.SafeUrl.createSafeUrlSecurityPrivateDoNotAccessOrElse_(
<a name="line317"></a>      url);
<a name="line318"></a>};
<a name="line319"></a>
<a name="line320"></a>
<a name="line321"></a>/**
<a name="line322"></a> * Normalizes {@code url} the UTF-8 encoding of url, using a whitelist of
<a name="line323"></a> * characters. Whitelisted characters are not percent-encoded.
<a name="line324"></a> * @param {string} url The URL to normalize.
<a name="line325"></a> * @return {string} The normalized URL.
<a name="line326"></a> * @private
<a name="line327"></a> */
<a name="line328"></a>goog.html.SafeUrl.normalize_ = function(url) {
<a name="line329"></a>  try {
<a name="line330"></a>    var normalized = encodeURI(url);
<a name="line331"></a>  } catch (e) {  // Happens if url contains invalid surrogate sequences.
<a name="line332"></a>    return goog.html.SafeUrl.INNOCUOUS_STRING;
<a name="line333"></a>  }
<a name="line334"></a>
<a name="line335"></a>  return normalized.replace(
<a name="line336"></a>      goog.html.SafeUrl.NORMALIZE_MATCHER_,
<a name="line337"></a>      function(match) {
<a name="line338"></a>        return goog.html.SafeUrl.NORMALIZE_REPLACER_MAP_[match];
<a name="line339"></a>      });
<a name="line340"></a>};
<a name="line341"></a>
<a name="line342"></a>
<a name="line343"></a>/**
<a name="line344"></a> * Matches characters and strings which need to be replaced in the string
<a name="line345"></a> * generated by encodeURI. Specifically:
<a name="line346"></a> *
<a name="line347"></a> * - &#39;\&#39;&#39;, &#39;(&#39; and &#39;)&#39; are not encoded. They are part of the reserved
<a name="line348"></a> *   characters group in RFC 3986 but only appear in the obsolete mark
<a name="line349"></a> *   production in Appendix D.2 of RFC 3986, so they can be encoded without
<a name="line350"></a> *   changing semantics.
<a name="line351"></a> * - &#39;[&#39; and &#39;]&#39; are encoded by encodeURI, despite being reserved characters
<a name="line352"></a> *   which can be used to represent IPv6 addresses. So they need to be decoded.
<a name="line353"></a> * - &#39;%&#39; is encoded by encodeURI. However, encoding &#39;%&#39; characters that are
<a name="line354"></a> *   already part of a valid percent-encoded sequence changes the semantics of a
<a name="line355"></a> *   URL, and hence we need to preserve them. Note that this may allow
<a name="line356"></a> *   non-encoded &#39;%&#39; characters to remain in the URL (i.e., occurrences of &#39;%&#39;
<a name="line357"></a> *   that are not part of a valid percent-encoded sequence, for example,
<a name="line358"></a> *   &#39;ab%xy&#39;).
<a name="line359"></a> *
<a name="line360"></a> * @const {!RegExp}
<a name="line361"></a> * @private
<a name="line362"></a> */
<a name="line363"></a>goog.html.SafeUrl.NORMALIZE_MATCHER_ = /[()&#39;]|%5B|%5D|%25/g;
<a name="line364"></a>
<a name="line365"></a>
<a name="line366"></a>/**
<a name="line367"></a> * Map of replacements to be done in string generated by encodeURI.
<a name="line368"></a> * @const {!Object.&lt;string, string&gt;}
<a name="line369"></a> * @private
<a name="line370"></a> */
<a name="line371"></a>goog.html.SafeUrl.NORMALIZE_REPLACER_MAP_ = {
<a name="line372"></a>  &#39;\&#39;&#39;: &#39;%27&#39;,
<a name="line373"></a>  &#39;(&#39;: &#39;%28&#39;,
<a name="line374"></a>  &#39;)&#39;: &#39;%29&#39;,
<a name="line375"></a>  &#39;%5B&#39;: &#39;[&#39;,
<a name="line376"></a>  &#39;%5D&#39;: &#39;]&#39;,
<a name="line377"></a>  &#39;%25&#39;: &#39;%&#39;
<a name="line378"></a>};
<a name="line379"></a>
<a name="line380"></a>
<a name="line381"></a>/**
<a name="line382"></a> * Type marker for the SafeUrl type, used to implement additional run-time
<a name="line383"></a> * type checking.
<a name="line384"></a> * @const
<a name="line385"></a> * @private
<a name="line386"></a> */
<a name="line387"></a>goog.html.SafeUrl.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ = {};
<a name="line388"></a>
<a name="line389"></a>
<a name="line390"></a>/**
<a name="line391"></a> * Utility method to create SafeUrl instances.
<a name="line392"></a> *
<a name="line393"></a> * This function is considered &quot;package private&quot;, i.e. calls (using &quot;suppress
<a name="line394"></a> * visibility&quot;) from other files within this package are considered acceptable.
<a name="line395"></a> * DO NOT call this function from outside the goog.html package; use appropriate
<a name="line396"></a> * wrappers instead.
<a name="line397"></a> *
<a name="line398"></a> * @param {string} url The string to initialize the SafeUrl object with.
<a name="line399"></a> * @return {!goog.html.SafeUrl} The initialized SafeUrl object.
<a name="line400"></a> * @private
<a name="line401"></a> */
<a name="line402"></a>goog.html.SafeUrl.createSafeUrlSecurityPrivateDoNotAccessOrElse_ = function(
<a name="line403"></a>    url) {
<a name="line404"></a>  var safeUrl = new goog.html.SafeUrl();
<a name="line405"></a>  safeUrl.privateDoNotAccessOrElseSafeHtmlWrappedValue_ = url;
<a name="line406"></a>  return safeUrl;
<a name="line407"></a>};
</pre>


</body>
</html>
